Reducing unauthorized modification of digital objects

IEEE Transactions on Software Engineering

Volumn 38, Issue 1, 2012, Pages 191-204

  Van Oorschot, Paul C ^a   Wurster, Glenn ^a  

^a CARLETON UNIVERSITY   (Canada)

Author keywords

access controls; file organization; operating systems; Protection mechanisms; software release management and delivery; system integration and implementation

Indexed keywords

DIGITAL OBJECTS; GENERAL APPROACH; KERNEL MODIFICATIONS; OVERHEAD COSTS; PROTECTION MECHANISMS; PUBLIC KEY INFRASTRUCTURE; ROOTKITS; SYSTEM INTEGRATION; UNAUTHORIZED MODIFICATION;

ACCESS CONTROL; COMPUTER OPERATING SYSTEMS; FILE ORGANIZATION; PUBLIC KEY CRYPTOGRAPHY;

SOFTWARE TESTING;

EID: 84856541805     PISSN: 00985589     EISSN: None     Source Type: Journal    
DOI: 10.1109/TSE.2011.7     Document Type: Article

References (63)

1. G. Wurster and P. van Oorschot, "Self-Signed Executables: Restricting Replacement of Program Binaries by Malware," Proc. USENIX Workshop Hot Topics in Security , 2007.
2. G. Wurster and P. van Oorschot, "The Developer Is the Enemy," Proc. Workshop New Security Paradigms, Sept. 2008.
3. S. Jajodia, P. Samarati, M.L. Sapino, and V.S. Subrahmanian, "Flexible Support for Multiple Access Control Policies," ACM Trans. Database Systems, vol. 26, no. 2, pp. 214-260, June 2001. (Pubitemid 33661632)
4. S. Garfinkel, G. Spafford, and A. Schwartz, "Users, Groups, and the Superuser," Practical Unix and Internet Security, third ed., O'Reilly Media, Inc., Feb. 2003.
5. D. Florncio and C. Herley, "A Large-Scale Study of Web Password Habits," Proc. 16th Int'l Conf. World Wide Web, pp. 657-666, 2007. (Pubitemid 47582295)
6. G. Wurster, "Security Mechanisms and Policy for Mandatory Access Control in Computer Systems," PhD dissertation, Carleton Univ., 2010.
7. A. Apvrille, D. Gordon, S. Hallyn, M. Pourzandi, and V. Roy, "Digsig: Run-Time Authentication of Binaries at Kernel Level," LISA '04: Proc. 18th Systems Administration Conf., pp. 59-66, 2004.
8. L. van Doorn, G. Ballintign, and W.A. Arbaugh, "Signed Executables for Linux," Technical Report CS-TR-4259, Univ. of Maryland, 2002.
9. E. Skoudis and L. Zeltser, Malware: Fighting Malicious Code. Prentice Hall PTR, 2004.
10. D. Dittrich, "'Root Kits' and Hiding Files/Directories/Processes after a Break-in," Web Page, http://staff.washington.edu/dittrich/misc/ faqs/rootkits.faq, Jan. 2002.
11. "Google Android," Web Site (viewed 28 Aug. 2009), http://code.google.com/android/, 2011.
12. A. Baliga, P. Kamat, and L. Iftode, "Lurking in the Shadows: Identifying Systemic Threats to Kernel Data," Proc. IEEE Symp. Security and Privacy, pp. 246-251, May 2007. (Pubitemid 47432531)
13. N.L. Petroni Jr., T. Fraser, J. Molina, and W.A. Arbaugh, "Copilot-A Coprocessor-Based Kernel Runtime Integrity Monitor," Proc. 13th USENIX Security Symp., pp. 179-194, Aug. 2004.
14. Y.-M. Wang, D. Beck, B. Vo, R. Roussev, and C. Verbowski, "Detecting Stealth Software with Strider Ghostbuster," Proc. Int'l Conf. Dependable Systems and Networks, pp. 368-377, June 2005. (Pubitemid 41538251)
15. C. Kruegel, W. Robertson, and G. Vigna, "Detecting Kernel-Level Rootkits through Binary Analysis," Proc. 20th Ann. Computer Security Applications Conf., pp. 91-100, 2004. (Pubitemid 40931067)
16. T. Garfinkel and M. Rosenblum, "A Virtual Machine Introspection Based Architecture for Intrusion Detection," Proc. Network and Distributed Systems Security Symp., pp. 191-206, Feb. 2003.
17. N.L. Petroni Jr., T. Fraser, A. Walters, and W. Arbaugh, "An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data," Proc. 15th USENIX Security Symp., pp. 289-304, Aug. 2006.
18. A. Baliga, X. Chen, and L. Iftode, "Paladin: Automated Detection and Containment of Rootkit Attacks," Technical Report DCS-TR-593, Dept. of Computer Science, Rutgers Univ., Jan. 2006.
19. G.H. Kim and E.H. Spafford, "The Design and Implementation of Tripwire: A File System Integrity Checker," Proc. ACM Conf. Computer and Comm. Security, pp. 18-29, 1994.
20. Microsoft, "Description of the Windows File Protection Feature," web page, http://support.microsoft.com/kb/222193, May 2007.
21. J.B. Grizzard, "Towards Self-Healing Systems: Re-Establishing Trust in Compromised Systems," PhD dissertation, Georgia Inst. of Technology, May 2006.
22. "WriteFileEx Function," web page, http://msdn.microsoft.com/en- us/library/aa365748 (VS.85).aspx, Nov. 2008.
23. Digital Signatures for Kernel Modules on Systems Running Windows Vista, Microsoft, http://www.microsoft.com/whdc/winlogo/drvsign/kmsigning.mspx, July 2007.
24. J. Rutkowska, "Subverting Vista Kernel for Fun and Profit," Blackhat Presentation, http://blackhat.com/presentations/bh-usa-06/BH-US-06- Rutkowska.pdf, Aug. 2006.
25. Z. Ye, S. Smith, and D. Anthony, "Trusted Paths for Browsers," ACM Trans. Information and System Security, vol. 8, no. 2, pp. 153-186, May 2005. (Pubitemid 41092670)
26. K.R.B. Butler, S. McLaughlin, and P.D. McDaniel, "Rootkit-Resistant Disks," Proc. 15th ACM Conf. Computer and Comm. Security, pp. 403-415, Oct. 2008.
27. "Bsign," web site (viewed 22 Jan. 2009), http://packages. debian. org/lenny/bsign, 2011.
28. D. Howells, "Modsign: Kernel Module Signing," Patchset from Linux Kernel Mailing List (LKML: 14 Feb. 2007), http://lkml.org/lkml/2007/2/14/ 164, Feb. 2007.
29. Executable and Linkable Format (ELF), first ed., http://www. skyfree.org/linux/references/ELF-Format.pdf, 2011.
30. A. van de Ven, "make/dev/kmem a Config Option," GIT Commit, http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6-stable.git;a= commit;h=b781ecb6a379f155568ef7093e 38c6c1d857fe53, Apr. 2008.
31. A. van de Ven, "x86: Introduce/dev/mem Restrictions with a Config Option," GIT Commit, http://git.kernel.org/?p=linux/kernel/git/stable/ linux-2.6-st a b l e . g it;a=commit;h= ae531c26c5c2a28ca1b35a75b39b3b256850f2c8, Apr. 2008.
32. G. Kroah-Hartman, "Signed Kernel Modules," Linux J., vol. 117, pp. 48-53, Jan. 2004.
33. C. Wright, C. Cowan, J. Morris, S. Smalley, and G. Kroah-Hartman, "Linux Security Modules: General Security Support for the Linux Kernel," Proc. 11th USENIX Security Symp., pp. 17-31, Aug. 2002.
34. "'Digital Signature Standard," Federal Information Processing Standards Publication 186, technical report, US Dept. of Commerce/NIST, Nat'l Technical Information Service, Virginia, 1994.
35. The Debian GNU/Linux FAQ: Chapter 8-The Debian Package Management Tools, http://www.debian.org/doc/FAQ/ch-pkgtools.en.html, June 2008.
36. J. Cappos, J. Samuel, S. Baker, and J.H. Hartman, "A Look in the Mirror: Attacks on Package Managers," Proc. 15th ACM Conf. Computer and Comm. Security, pp. 565-574, Oct. 2008.
37. P. Padala, "Playing with ptrace, Part 1," Linux J., vol. 103, Nov. 2002.
38. Y.K. Okuji, "GNU GRUB," web page, http://www.gnu.org/software/ grub/, Dec. 2008.
39. Google, "Android Developer Guide,"developer website, http://developer.android.com/guide/publishing/app-signing.html, July 2009.
40. S. Oaks, "Digital Signatures," Java Security, second ed., O'Reilly Media, Inc., May 2001.
41. R. Russell, D. Quinlan, and C. Yeoh, Filesystem Hierarchy Standard, second ed. VDM Publishing House Ltd., http://www.pathname. com/fhs/, Jan. 2004.
42. G.H. Kim and E.H. Spafford, "Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection," Technical Report CSD-TR-93-071, Purdue Univ., 1993.
43. "Knoppix Linux," web page (accessed 15 Dec. 2008), http://www.knoppix.net, 2011.
44. X. Zhao, K. Borders, and A. Prakash, "Towards Protecting Sensitive Files in a Compromised System," Proc. IEEE Third Int'l Security in Storage Workshop, pp. 21-28, 2005. (Pubitemid 46402457)
45. J. Strunk, G. Goodson, M. Scheinholtz, C. Soules, and G. Ganger, "Self-Securing Storage: Protecting Data in Compromised Systems," Proc. Fourth Symp. Operating Systems Design and Implementation, Oct. 2000.
46. J. Collake, "Hacking Windows File Protection," web page, http://www.bitsum.com/aboutwfp.asp, May 2007.
47. A. Pennington, J. Strunk, J. Griffin, C. Soules, G. Goodson, and G. Ganger, "Storage-Based Intrusion Detection: Watching Storage Activity for Suspicious Behavior," Proc. 12th USENIX Security Symp., pp. 137-151, Aug. 2003.
48. M. Pozzo and T. Gray, "An Approach to Containing Computer Viruses," Computers and Security, vol. 6, no. 4, pp. 321-331, Aug. 1987.
49. G. Davida, Y. Desmedt, and B. Matt, "Defending Systems Against Viruses through Cryptographic Authentication," Proc. Symp. Security and Privacy, pp. 312-318, May 1989.
50. P. Loscocco and S. Smalley, "Integrating Flexible Support for Security Policies into the Linux Operating System," FREENIX '01: Proc. USENIX Ann. Technical Conf., June 2001.
51. T. Jaeger, R. Sailer, and X. Zhang, "Analyzing Integrity Protection in the SELinux Example Policy," Proc. 12th USENIX Security Symp., pp. 59-74, Aug. 2003.
52. K.M. Walker, D.F. Sterne, M.L. Badger, M.J. Petkac, D.L. Sherman, and K.A. Oostendorp, "Confining Root Programs with Domain and Type Enforcement (DTE)," Proc. Sixth USENIX Security Symp., July 1996.
53. "Trusted XENIX Version 3.0 Final Evaluation Report," Technical Report CSC-EPL-92-001, Nat'l Computer Security Center, Apr. 1992.
54. Y. Korff, P. Hope, and B. Potter, Mastering FreeBSD and OpenBSD Security. O'Reilly Media, Inc., 2005.
55. C. Tyler, Fedora Linux. O'Reilly Media, Inc., 2007.
56. Q. Liu, R. Safavi-Naini, and N.P. Sheppard, "Digital Rights Management for Content Distribution," Proc. Australasian Information Security Workshop Conf. Frontiers, vol. 21, pp. 49-58, 2003.
57. R.L. Rivest and B. Lampson, "A Simple Distributed Security Infrastructure," http://people.csail.mit.edu/rivest/sdsi11.html, Oct. 1996.
58. C. Ellison, RFC 2692: SPKI Requirements, http://www.isi.edu/in-notes/ rfc2692.txt, Sept. 1999.
59. J.Y. Halpern and R. van der Meyden, "A Logical Reconstruction of SPKI," J. Computer Security, vol. 11, no. 4, pp. 581-613, 2003.
60. A.D. Rubin and D.E. Geer Jr., "Mobile Code Security," IEEE Internet Computing, vol. 2, no. 6, pp. 30-34, Nov. 1998. (Pubitemid 128558708)
61. A.P. Heiner and N. Asokan, "Secure Software Installation in a Mobile Environment," Proc. Poster, Third Symp. Usable Privacy and Security, pp. 155-156, 2007. (Pubitemid 350229392)
62. BlackBerry Java Application: Fundamentals Guide (Version 5.0), Research in Motion Limited, Apr. 2010.
63. A. Bellissimo, J. Burgess, and K. Fu, "Secure Software Updates: Disappointments and New Challenges," Proc. USENIX Workshop Hot Topics in Security, 2006.